Understanding IoMT Security

Miles Oliver

The advent of the Internet of Medical Things (IoMT) is truly revolutionizing patient care, promising to alleviate much of the burden on an already struggling healthcare system. For all the breathtaking potential of the IoMT, however, there are equally significant risks.

More specifically, IoMT security is a deep and growing concern both as technologies proliferate and as cybersecurity threats increase. This article examines the issue of IoMT security, identifies the most significant security risks to the IoMT, and describes best practices for remediating those risks.

What Is the IoMT and Why Does It Matter?

The IoMT refers to a constellation of internet-connected medical devices that are currently being developed to provide an array of healthcare services, such as continuous patient monitoring. The IoMT enables healthcare providers to collect, document, and store vast volumes of patient data without requiring the patient to be admitted to a hospital or clinic.

From the perspective of patient monitoring and clinical observation, IoMT devices enable a level of care equivalent to or perhaps even better than bedside care. The devices can be used from the comfort of the patient’s home, preventing “white coat syndrome,” the elevation in respiration, pulse, and blood pressure that comes with a doctor’s visit.

This means that the physiological data clinicians are able to gather from IoMT devices are often far more comprehensive and far more representative of the patient’s true health status. Thus, with the improved quantity and quality of patients’ health data, the clinician is often able to make more accurate diagnoses and devise more effective treatment plans.

In addition, because Artificial Intelligence (AI) technologies are integrated into or connected with IoMT, patient care capacities are exponentially increased. Intelligent health systems, for instance, can perform sophisticated analytics using IoMT data and provide clinicians with vital recommendations for evidence-based care.

The Security Risks of IoMT

As profound as the benefits of IoMT technologies are for patients and clinicians alike, there are also myriad security risks. For instance, IoMT devices, particularly commercial health trackers, may be designed with insufficiently secure firmware, leaving them vulnerable to breach.

This means that patients who may believe they are doing their healthcare provider a service by tracking their health data may, in fact, be generating data that’s easy for hackers to steal.

However, the security risks of IoMT aren’t limited only to commercial health devices. Sophisticated IoMT technologies available only through prescription can be just as susceptible to breach and, unfortunately, the consequences can be particularly catastrophic.

For example, IoMT vulnerabilities don’t just involve the potential exposure of the patient’s sensitive medical data. Rather, cyber-attacks, such as ransomware attacks, may cause potentially life-threatening disruptions in device functionality.

Innovations in devices such as cardiac pacemakers and internal defibrillators, for instance, are enhancing their functionality through network connectivity. The threat, though, is that these devices may be hijacked by cybercriminals seeking to cause harm to the patient or to hold the device (and therefore the patient’s life) for ransom.

Botnet attacks against IoT technologies, for example, are becoming increasingly prevalent and pernicious. These attacks can result in everything from Denial of Service (DoS) events to account (or device) takeover.

Protecting IoMT Security From Patient Misuse

There are many ways that IoMT security may be compromised. On the most basic level, because many of these devices are designed for in-home use by patients and their caregivers, security lapses may occur through simple mishandling.

Patients may, for example, inadvertently lose their device or it may be stolen, potentially compromising their health data. Likewise, patients may connect their devices to unsecured networks, such as public Wi-Fi, without realizing that doing so may expose their private information to hackers.

Avoiding security threats such as these requires a multipronged approach that includes both patient education and the integration of built-in security measures. It will be incumbent on clinicians to train patients on the appropriate handling of the device and on the cybersecurity measures they will need to take to secure it.

The onus, however, is principally on technology developers to reduce the risk of potential patient misuse. This might include, for instance, automatic lockouts when the device is connected to an unsecured network. Biometric authentications, such as fingerprint or retinal scans, should be required before the device can be operated.

Optimizing IT Processes

One of the most significant challenges of securing IoMT devices is the simple fact that many of these technologies are invisible on a health system’s IT network. Because of this, security technologists may be unaware of exactly how many devices are connected to the system.

This means that any security audits, patches, or upgrades may not be applied to IoMT devices. The result is a constellation of IoMT devices floating around the health system unrecognized and with their security vulnerabilities unaddressed.

This is why it is important for technology developers to prioritize secure visibility in IoMT devices. It should be simple for IT security teams to see what IoMT devices are connected to the network to ensure that security audits and upgrades apply to them.

This might involve data segmentation to ensure that technologists have the capacity to identify, audit, and update IoMT devices without being granted inappropriate access to patient data. Such processes will ensure the maximum level of interconnectivity and interoperability without jeopardizing patient privacy or compromising HIPAA and related statutes.
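As an added illustration (not part of the original article), the following Python sketch shows one way the visibility and segmentation ideas above could fit together: devices observed on the network are reconciled against an asset inventory, and the audit report exposes device metadata only, never patient-linked fields. The field names, the 180-day audit threshold, and all sample records are constructed assumptions.

```python
from datetime import date

# Constructed sample: devices seen on the clinical network (e.g. from DHCP/ARP data).
OBSERVED = [
    {"mac": "00:1A:2B:00:00:01", "ip": "10.20.0.11"},
    {"mac": "00-1A-2B-00-00-02", "ip": "10.20.0.12"},
    {"mac": "00:1a:2b:00:00:03", "ip": "10.20.0.13"},  # not in the inventory
]
# Constructed inventory: device metadata stored beside patient-linked fields.
INVENTORY = {
    "00:1a:2b:00:00:01": {"model": "infusion-pump", "firmware": "2.1.0",
                          "last_audit": date(2024, 3, 1), "patient_id": "P-1001"},
    "00:1a:2b:00:00:02": {"model": "ecg-monitor", "firmware": "1.4.2",
                          "last_audit": date(2023, 9, 1), "patient_id": "P-1002"},
    "00:1a:2b:00:00:04": {"model": "glucose-meter", "firmware": "3.0.1",
                          "last_audit": None, "patient_id": "P-1003"},
}
AUDIT_FIELDS = ("model", "firmware", "last_audit")  # the only fields IT may see
MAX_AUDIT_AGE_DAYS = 180  # assumed policy value


def normalize_mac(mac):
    return mac.strip().lower().replace("-", ":")


def audit_view(mac, record):
    """Segmented view: device metadata only, never patient-linked fields."""
    return {"mac": mac, **{k: record.get(k) for k in AUDIT_FIELDS}}


def reconcile(observed, inventory, today):
    report = {"unmanaged": [], "stale_audit": [], "ok": [], "not_seen": []}
    seen = set()
    for dev in observed:
        mac = normalize_mac(dev["mac"])
        seen.add(mac)
        record = inventory.get(mac)
        if record is None:  # on the network, but invisible to audits and patching
            report["unmanaged"].append({"mac": mac, "ip": dev["ip"]})
            continue
        last = record.get("last_audit")
        stale = last is None or (today - last).days > MAX_AUDIT_AGE_DAYS
        report["stale_audit" if stale else "ok"].append(audit_view(mac, record))
    # Inventoried devices that were not observed: lost, stolen, or offline.
    report["not_seen"] = sorted(set(inventory) - seen)
    return report


if __name__ == "__main__":
    for bucket, items in reconcile(OBSERVED, INVENTORY, date(2024, 6, 1)).items():
        print(bucket, items)
```

The "unmanaged" bucket is the set of devices the article describes as invisible to IT, and the "stale_audit" bucket lists known devices that audits have not reached recently.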

The Takeaway

The Internet of Medical Things (IoMT) may well be the future of healthcare. These technologies are enabling clinicians to provide a truly unprecedented level of patient care by optimizing patient monitoring, healthcare access, patient diagnoses, and evidence-based treatment planning. At the same time, IoMT is relieving the burden on a healthcare system marked by surging demand and declining labor rates.

However, to achieve the full potential of IoMT, improvements in security are urgently needed. This includes innovations in technology development to reduce the risk of end-user mishandling, botnet and ransomware attacks, and insufficient network oversight. Biometric authentication capabilities, increased network visibility, and data segmentation are likely to be key to the development of secure firmware.
